lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190528110412.gg66fl67yahtwb6i@linutronix.de>
Date:   Tue, 28 May 2019 13:04:12 +0200
From:   Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To:     Yury Norov <ynorov@...vell.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     Rasmus Villemoes <linux@...musvillemoes.dk>, tglx@...utronix.de,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org
Subject: LZ4 decompressor broken on ARM due to missing strchrnul() string
 traverse in cpumask_parse"

|  CC      arch/arm/boot/compressed/decompress.o
|In file included from include/linux/mm_types_task.h:14,
|                 from include/linux/mm_types.h:5,
|                 from include/linux/mmzone.h:21,
|                 from include/linux/gfp.h:6,
|                 from include/linux/umh.h:4,
|                 from include/linux/kmod.h:22,
|                 from include/linux/module.h:13,
|                 from arch/arm/boot/compressed/../../../../lib/lz4/lz4_decompress.c:39,
|                 from arch/arm/boot/compressed/../../../../lib/decompress_unlz4.c:13,
|                 from arch/arm/boot/compressed/decompress.c:55:
|include/linux/cpumask.h: In function ‘cpumask_parse’:
|include/linux/cpumask.h:636:21: error: implicit declaration of function ‘strchrnul’; did you mean ‘strchr’? [-Werror=implicit-function-declaration]
|  unsigned int len = strchrnul(buf, '\n') - buf;
|                     ^~~~~~~~~
|                     strchr
|include/linux/cpumask.h:636:42: error: invalid operands to binary - (have ‘int’ and ‘const char *’)
|  unsigned int len = strchrnul(buf, '\n') - buf;
|                     ~~~~~~~~~~~~~~~~~~~~ ^
|cc1: some warnings being treated as errors

3713a4e1fdb8da86f96a3e770b08e278d97529b4 is the first bad commit
commit 3713a4e1fdb8da86f96a3e770b08e278d97529b4
Author: Yury Norov <ynorov@...vell.com>
Date:   Tue May 14 15:44:46 2019 -0700

    include/linux/cpumask.h: fix double string traverse in cpumask_parse

    cpumask_parse() finds first occurrence of either or strchr() and
    strlen().  We can do it better with a single call of strchrnul().

    [akpm@...ux-foundation.org: remove unneeded cast]
    Link: http://lkml.kernel.org/r/20190409204208.12190-1-ynorov@marvell.com
    Signed-off-by: Yury Norov <ynorov@...vell.com>
    Acked-by: Rasmus Villemoes <linux@...musvillemoes.dk>
    Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>

:040000 040000 f20d8a9ec1755b3981520ecf015248f6a0d9f116 db67caf64f99a9be808cd73e413c106c5aee15b7 M      include

This commit is v5.2-rc1~62^2~49.
How do we deal with this one?

Sebastian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ